Account security measures
February 22, 2020

In order to be truly effective, any actions Questrade takes to ensure your security must be made in conjunction with the actions you take. Below are some affective ways to help keep your account secure:

  • Online practices

    Here are some core practices to follow in keeping your account secure:

    • Keep your password or username private, do not share it with anyone
    • Do not store your financial information (such as investment account numbers and login information) with personal finance sites like If you do share your Questrade login information, your security may be at a greater risk
    • Change your password and your personal identification question and response at least once every 180 days (6 months). At Questrade, you’re required to change your password every 6 months. If you have 2-step verification (2SV) set up for your account, your password does not expire
    • Avoid accessing your account in public locations, such as Internet cafes or libraries
    • Never input personal information on an online form or application that does not display "https://" before the website address or have a “padlock” symbol in the lower right hand corner of the webpage. Commonly, these security symbols indicate that the site is secured by encryption technology and the information you enter is protected.
    • Always log off and close your browser after every online banking session and shut down your computer when not in use.

  • Protecting your computer

    A new computer is pre-configured with factory settings. Running your computer with these defaults leaves you open to security breaches. Note: with all security measures, whether software or your operating system, the manufacturer will issue regular notices of updates or patches. Register with each manufacturer to ensure you receive the notices, and install new versions promptly.

    Here are some ways to help safeguard your personal information and keep your computer safe

    1. Anti-virus software: your computer can become infected with a virus in various ways, such as email attachments, content download from a website, or through infected media (DVDs, USB drives, etc.). Anti-virus software helps prevent your computer from becoming infected and your files from being corrupted or lost. It also can detect existing viruses and clean your computer so that they do not spread. Always use up-to-date anti-virus software that is capable of scanning files and email messages. Most anti-virus programs include an auto-update feature that enables the program to download profiles/signatures of new viruses so that it can check for them as soon as they are discovered. Register your new anti-virus software immediately, and sign up for automatic notification of product updates to ensure your computer is protected.
    2. Anti-malware/Anti-spyware software: malicious software attacks are increasing at a staggering rate. Malware generally refers to any program that intentionally harms your computer and is typically installed without your consent. Malware can access your computer if you do something as harmless as clicking on an ad, going to a website, or even unknowingly downloading a document. In some cases, malware actually poses as anti-malware software. Your best defence is to keep your browser, operating system, and applications up to date, and to consistently run updated anti-malware software.Spyware is a particularly nasty type of malware, and is designed to essentially “spy” on you by tracking and collecting your personal information. The information collected often includes your user IDs, passwords, name, and address.
    3. Firewall: is designed to filter the information coming through the Internet into your computer, permitting communication only with sources you know and trust. It helps prevent unauthorized access, protecting your home network and family from potential hackers. If you do not have a firewall installed, any personal information stored on your computer or distributed using the web may be accessed by an attacker for as long as your computer is connected to the Internet. Many computers have firewalls built into their operating systems. Ensure you turn off any default firewall before installing a new one. Also, do not run two firewalls simultaneously. Most modems or routers installed by your ISP have firewall capabilities. Where possible, you should use them. For more details, contact your Internet service provider. Restrict traffic that travels through your firewall by only granting access to those programs and/or traffic that you are familiar with. If you do not share files or documents with other computers on your network, disable the file sharing feature. Doing so will prevent others from being able to download or view your files or documents.
    4. Browsers: Many browsers include filters that can block phishing sites. The newest editions of Microsoft's Internet Explorer, Mozilla's Firefox, and Google’s Chrome all include this feature. Filters are an important tool, especially when used in conjunction with other anti-piracy tools. Sign up for automatic notification and any security software updates, if available, and download them as soon as you can. Always use a web browser that supports 128-bit encryption when accessing secure websites. This ensures that your data is transmitted confidentially over the Internet
    5. Wireless: Wireless routers are very convenient. They can also leave your computer vulnerable to malicious hacking. Ensure you change the default password for your router, whether internal, external or wireless. On your network, enable the wireless encryption and disable the SSID (service set identifier). Precise details for encrypting and hiding identifiers are different for every device. Refer to the manufacturer's guidelines for specific details.

  • Safe online practices

    With your computer environment secured, the next step is to ensure you protect your online interactions – any point at which you divulge personal details with online businesses.

    1. For any activity that requires you to input personal information, use your own computer or a machine you can verify. The security level on public computers, whether at a library, an Internet café, or a hotel lobby, cannot be accurately tested or verified as virus and spyware free
    2. Access your brokerage account ONLY from a secure web page using encryption. A secure website address starts with https rather than http. Also look for the closed padlock icon beside the address bar. It appears when the site is verifiably authentic and represents an SSL (Secure Sockets Layer) certificate. Important note: there have been instances of fraudulent use of the SSL icon within the body of an email. See phishing for more information (hyperlink)
    3. Empty your cache or browser history. This is particularly important if you are not on your own machine
    4. Pharming sites can be very difficult to distinguish from authentic sites. If you are unsure as to a site's authenticity, right-click on your mouse and then scroll down to properties. Open properties and click on the certificates button. If the site does not have a certificate, it is not secure, therefore any information you enter on it is vulnerable. Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent web sites without their knowledge or consent
    5. Change each of your passwords regularly: at least once every 180 days (6 months). Your password should be at least 16 characters long and a mix of uppercase and lowercase letters, numbers, and symbols, such as a question mark or ampersand
    6. Know who you are dealing with. Questrade will never send you an email asking you to provide personal / confidential information. If you receive a suspicious-looking email, report it directly to Never send account info online in response to emails (re: phishing and pharming)

  • Safe offline practices

    Any physical documents that contain personal information should also be safeguarded and monitored. There are numerous steps you should take. The following are particularly important for dealings with financial institutions such as Questrade.

    1. Review your statements carefully and be proactive. Make sure any transactions shown are transactions you made
    2. Always keep your mailing and email addresses current. Advise Questrade immediately if you change your contact information
    3. Use a shredder to destroy documents that contain personal information. This includes account statements, unsolicited mail addressed to you such as pre-authorized credit cards, receipts that you no longer need that include a credit or debit card number

You may want to check this out

Need more help?

The information contained in this website is for information purposes only and should not be used or construed as financial or investment advice by any individual. Information obtained from third parties is believed to be reliable, but no representations or warranty, expressed or implied is made by Questrade, Inc., its affiliates or any other person to its accuracy.

Questrade Wealth Management Inc. (QWM) and Questrade, Inc. are wholly owned subsidiaries of Questrade Financial Group Inc. Questrade, Inc. is a registered investment dealer, a member of the Investment Industry Regulatory Organization of Canada (IIROC) and a member of the Canadian Investor Protection Fund (CIPF), the benefits of which are limited to the activities undertaken by Questrade, Inc. QWM is not a member of IIROC or the CIPF.

© 2020, Questrade, Inc. All Rights Reserved.